WPS
The Wi-Fi Simple Configuration Specification (WSC) is the underlying technology for the Wi-Fi Protected Setup (WPS) certification [1]. This network operation page discusses Wi-Fi Protected Setup. The major vendors with WPS-certified devices are Cisco/Linksys, Netgear, D-Link, Belkin, Buffalo, ZyXEL and Technicolor.

5Ws of WiFi Protected Setup (WPS)

What: Wi-Fi Protected Setup (WPS; originally Wi-Fi Simple Config) is a network security standard. It attempts to allow users to easily secure a wireless home network, but it can fall to a brute-force attack if one or more of the network's access points do not guard against the attack [3].

When: Created by the Wi-Fi Alliance and introduced in 2006 [3]; introduced by the Wi-Fi Alliance in early 2007 according to [1].

Where & Who: Users at homes and in small office (SOHO) environments [1].

Why: Wi-Fi Protected Setup (WPS) allows a consumer to set up a secure wireless network in a user-friendly way [2]. Users can set up Wi-Fi Protected Access and easily add new devices to an existing network without entering passphrases [3].

Configuration options

WPS supports out-of-band configuration over Ethernet/UPnP (NFC is also mentioned in the specification) or in-band configuration over IEEE 802.11/EAP [1]. PIN entry, Push Button Connect (PBC) and Near Field Communication (NFC) are the three main methods for Wi-Fi Protected Setup. PIN entry is mandatory in all Wi-Fi Protected Setup devices, while the other two seem to be optional and may also be used in some devices. See here for how to join the WPS wireless network.

PIN

The WPS PIN is either printed on the device or displayed inside the router configuration webpage. A device's PIN can be entered into the device that will be connecting directly to it [2]. See here for how to connect a device using the PIN.

PBC

A button is pressed on both the new wireless device and the existing wireless access point [2]. Click here for how to implement this.

NFC

A new wireless device can join the network when it is within NFC communication range of the wireless device. The WPS PIN can then be exchanged between the two devices [2].

Comparison with previous methods

WPS is incorporated in wireless devices to allow easier configuration of wireless devices on a network, compared to previous methods such as manually exchanging WEP, WPA or WPA2 passphrases [2].

Vulnerabilities

However, in December 2011 a major security problem was found that affects wireless routers using the PIN method. A remote attacker could recover the WPS PIN within a few hours by a brute-force attack, and discover the WPA/WPA2 password as well. The reason is that when an access request fails, the device sends an EAP-NACK response. This behaviour lets an attacker recognize whether the first half of the PIN was correct or not. In addition, the last few digits of the PIN are a checksum and therefore always known, which greatly reduces the number of attempts the attacker needs to guess a PIN, from about 10^8 to 11,000 [4]. Moreover, many routers do not lock out users after a number of failed tries. Once the attacker has the PIN, grabbing the WPA encryption password is a piece of cake.

Impact and solution

An attacker who is able to brute force the WPS PIN not only could retrieve the password for the wireless network, but could also change the network configuration (control channel) of the access point or even cause a DoS (denial of service). The U.S. Homeland Security has worked out some available solutions to mitigate the problem: update firmware and disable WPS. See here for details [5], this for how to disable WPS, this for vendor information, and here to check which devices are vulnerable to WPS.

A design for testing a WPS device's vulnerability was developed and published in prior research (Aked, Bolan, & Brand, 2012), as shown in the figure below [2].

Result

Should we use WPS on a WiFi network or not? Click here to see the advantages of WPS and why we should agree with using WPS. See here for why we should not, and click this to see how to defend WPS from brute-force attack.

Upon compromise by the reaver tool, the researchers were able to retrieve the WEP, WPA or WPA2 passphrase when provided said PIN (Figure below) [2]. The WPS PIN does not change automatically. Given this, any WEP/WPA/WPA2 passphrase or SSID change would easily be discovered if an attacker uses the compromised WPS PIN to ask the router what the new passphrase is.

Conclusion

If the WPS PIN is successfully discovered by an attacker, it is nearly impossible to stop the attacker from reconnecting to the same router after the WEP, WPA or WPA2 passphrase is changed, or from asking for the new passphrase within a short period of time [2]. Collaboration between vendors is required for identifying vulnerabilities as they appear. The vendors should be responsible for releasing new firmware to implement mitigations [1]. Check out this to see how Netgear solves this problem.

References

1. Viehböck, Stefan (2011-12-26). "Brute forcing Wi-Fi Protected Setup" (PDF). Retrieved 2011-12-30.
2. Symon Aked, Christopher Bolan, Murray Brand (2012). "AN INVESTIGATION INTO THE WI-FI PROTECTED SETUP PIN OF THE LINKSYS WRT160N V2".
3. WPS.
4. Computer Fraud & Security (2012-01). "Wifi Protected Setup vulnerable", issue 1, page 3.
5. Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack.

External link

* WPS
* wireless home network
* brute-force attack
* router configuration webpage
* Wireless DSL Gateway
* wireless access point
* WEP
* WPA2
* remote attacker
* SSID
* WiFi Protected Security
* reaver-wps
* Connecting devices using Wi-Fi Protected Setup™ (WPS) on your Linksys router
* How do NETGEAR Home routers defend WiFi Protected Setup PIN against brute force vulnerability?
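
Added example, not from the original page or its references: where the 11,000 figure in the Vulnerabilities section comes from, and how much an access-point lock-out policy stretches the worst case. It assumes the 8-digit PIN layout described in Viehböck's paper (first four digits confirmed separately, eighth digit a checksum over the first seven); the 2-second guess time and the three lock-out policies are constructed values.

```python
# Added example: WPS PIN search space and the effect of an AP lock-out policy.
# Assumed layout: digits 1-4 are confirmed separately from digits 5-8, and
# digit 8 is a checksum over digits 1-7.

def wps_checksum(first7: int) -> int:
    """Checksum digit for the first seven PIN digits (weights 3,1,3,... from the right)."""
    accum, weight = 0, 3
    while first7:
        accum += weight * (first7 % 10)
        weight = 4 - weight          # alternate 3, 1, 3, 1, ...
        first7 //= 10
    return (10 - accum % 10) % 10

def is_well_formed(pin: str) -> bool:
    """True if pin is 8 ASCII digits and its last digit matches the checksum."""
    return (len(pin) == 8 and pin.isascii() and pin.isdigit()
            and int(pin[7]) == wps_checksum(int(pin[:7])))

def worst_case_guesses(halves_confirmed_separately: bool) -> int:
    """Guesses needed to cover every candidate PIN."""
    if halves_confirmed_separately:
        return 10**4 + 10**3         # 4 free digits, then 3 free digits + checksum
    return 10**7                     # whole PIN at once; checksum fixes one digit

def hours_to_exhaust(guesses: int, secs_per_guess: float,
                     fails_before_lock: int = 0, lock_secs: int = 0) -> float:
    """Worst-case wall-clock hours, with a lock-out after every N failures."""
    lockouts = (guesses - 1) // fails_before_lock if fails_before_lock else 0
    return (guesses * secs_per_guess + lockouts * lock_secs) / 3600

# Constructed policies for comparison: (failures before lock, lock seconds).
POLICIES = {"no lock-out": (0, 0), "60 s after 3": (3, 60), "1 h after 5": (5, 3600)}

def compare_policies(secs_per_guess: float = 2.0) -> dict:
    """Hours to cover the 11,000-guess space; 2.0 s per guess is an assumed rate."""
    n = worst_case_guesses(True)
    return {name: round(hours_to_exhaust(n, secs_per_guess, k, t), 1)
            for name, (k, t) in POLICIES.items()}

if __name__ == "__main__":
    for name, hours in compare_policies().items():
        print(f"{name:>14}: {hours:8.1f} h")
```

Without a lock-out the whole space fits in the "few hours" the page mentions; a long lock-out after a handful of failures pushes it to months, which is why firmware that adds lock-out, or disabling WPS, is the recommended mitigation.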